appointment-scheduler

Warn: audited by ClawScan on May 10, 2026.

Overview

The skill’s appointment-scheduling purpose is coherent, but it needs review because the provided scripts contain unsafe command execution and unvalidated file-path inputs while also handling customer data and calendar credentials.

Review this skill before installing. Its core function matches appointment management, but ask the publisher to fix the execSync booking-ID injection and validate date/path inputs. If you use it, protect the workspace data and Google OAuth token, use a dedicated calendar where possible, and only add the cron jobs if you want reminders and sync to run automatically.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a crafted booking ID reaches this path, canceling with waitlist notification could run unintended shell commands under the user’s account.

Why it was flagged

bookingId comes from command-line arguments and is inserted into a shell command string without validation or an argument array.

Skill content

const output = execSync(`node "${scriptPath}" notify --booking-id ${bookingId}`, {

Recommendation

Replace execSync shell strings with execFile/spawn using an argument array, or import waitlist logic directly; also validate booking IDs with a strict pattern such as hexadecimal-only.

What this means

A malformed date containing path traversal sequences could read or write JSON files outside the intended appointments directory, potentially corrupting workspace configuration or data.

Why it was flagged

The user-supplied date argument is used directly in a filesystem path; similar date-based path construction appears in booking/schedule scripts.

Skill content

const filePath = path.join(DATA_DIR, `${date}.json`);

Recommendation

Require dates to match YYYY-MM-DD, reject path separators and '..', and after resolving the path verify it remains inside the intended data directory.

What this means

Calendar sync can add customer appointment details to the user’s Google Calendar and the stored token may grant broad calendar access.

Why it was flagged

The Google Calendar integration uses local OAuth credential/token files and requests broad Calendar API access.

Skill content

const CREDENTIALS_PATH = path.join(process.env.HOME, '.secrets', 'google-calendar-credentials.json'); ... scope: ['https://www.googleapis.com/auth/calendar']

Recommendation

Use a dedicated calendar if possible, protect the ~/.secrets token files, and consider a narrower Google Calendar scope if the implementation only needs event creation.

What this means

Customer names, phone numbers, emails, attendance history, and reminder status may remain in local workspace files across sessions.

Why it was flagged

The skill persistently stores customer appointments, contacts, no-show history, flagged-customer records, and reminder logs.

Skill content

data/appointments/ ... bookings/ ... waitlist/ ... noshow/history.json ... flagged-customers.json ... reminders/sent.json

Recommendation

Treat the workspace data as sensitive, set retention/deletion practices, and avoid storing more customer details than the business needs.

What this means

If the user installs the cron entries, the skill’s reminder or sync scripts will keep running on a schedule until removed.

Why it was flagged

The documentation suggests user-configured cron jobs for recurring reminders and calendar sync.

Skill content

0 9 * * * cd /Users/mupeng/.openclaw/workspace/skills/appointment-scheduler/scripts && node send-reminders.js --type day-before

Recommendation

Only add cron jobs intentionally, review what messages or calendar updates they trigger, and remove the cron entries when the skill is no longer used.

What this means

Installing npm packages is expected for these Node scripts, but it pulls third-party code into the local environment.

Why it was flagged

The skill is listed as having no install spec, but its setup guide asks the user to install npm dependencies; package.json and package-lock.json are present.

Skill content

cd /Users/mupeng/.openclaw/workspace/skills/appointment-scheduler/scripts
npm install

Recommendation

Run npm install only from the reviewed scripts directory, keep the lockfile, and review dependency updates before accepting them.